Support pre-signed URLs for Zaqar queues

Just to be clear, you're talking about the ZaqarQueue resource?

Yes, although I'm not 100% sure whether it should be an attribute of the existing OS::Zaqar::Queue resource or a new OS::Zaqar::PresignedURL resource type. (Ideally it would be the former, but it seems like there's a lot of options that can be passed.)

After thinking about this a bit over the weekend, I actually see a big advantage for having a separate resource type for the pre-signed URL: that would make it easy to generate a new one by marking the URL resource unhealthy and updating the stack. So you could create a stack with:

* A server
* A Zaqar queue
* A presigned-url resource for the queue
* A SW Deployment to pass the URL to the server
* A Mistral workflow to act on messages from the queue
* A Zaqar subscription to trigger the workflow from messages
* A second Mistral workflow to mark the presigned-url resource unhealthy
* A Mistral timed trigger to periodically kick off the workflow to regenerate the URL

and you'd have effectively recreated something similar to the system of rotating keys that AWS has for IAM Roles, except with much more flexibility and fine-grained control.

Fix proposed to branch: master
Review: https://review.openstack.org/391846

Reviewed: https://review.openstack.org/391846
Committed: https://git.openstack.org/cgit/openstack/heat/commit/?id=571740f07d5415df83580042e93eeefffeb57b9f
Submitter: Jenkins
Branch: master

commit 571740f07d5415df83580042e93eeefffeb57b9f
Author: Thomas Herve <email address hidden>
Date: Mon Oct 31 14:19:40 2016 +0100

    Support Zaqar signed queue URLs

    This adds new resource to generate a signed URL for a Zaqar queue.

    Change-Id: Ib42f11bf13d1e836563023a9fa587b93c875ec61
    Closes-Bug: #1628691

This issue was fixed in the openstack/heat 8.0.0.0b1 development milestone.